Thursday, June 21, 2012

When deploying E2010, it is recommended to set up a CAS Array (Client Access Server Array). A CAS Array is recommended even if you have only one CAS or a single multi-role Exchange server in your deployment plans.

I wanted to reiterate why the FQDN of the CAS Array should be resolvable only via internal DNS and should not be exposed to the outside.

The short answer is to prevent delays on Outlook clients when they are outside and trying to connect. Now let's look into this a bit deeper and try to understand what this means to us.

When a client opens Outlook internally, Outlook will try to resolve the home server property configured within Outlook. So Outlook gets an FQDN, something like outlook.internal.local; it then checks its configured TCP/IP settings, finds out which DNS server to talk to, and requests the IP address for the name outlook.internal.local.

Outlook is opened internally by the client…

It resolves the "home server property" outlook.internal.local

It finds out which DNS server to talk to (the TCP/IP stack and DNS settings defined on the workstation)

It will ask for the IP address of "outlook.internal.local" (we assume this was configured within Outlook)

Modify who can relay off this connector, Next, Finish, then set the Authentication and Permission Groups.

We have done the first part; now we will test the application relay. Log on to the application server and open a command line. We will telnet on port 25 from the application server to the HUB server and send mail from the command line; if the mail is received, your application will work. Before we get going, make sure port 25 from the application server to the HTS server is NOT BLOCKED. Common causes are antivirus software blocking it, a firewall, etc.
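The same port 25 test can be scripted instead of typed into telnet. This is an added example, not part of the original post: the function name `Test-SmtpRelay` and its parameters are hypothetical, and the server and addresses you pass in are your own.

```powershell
# Added example (hypothetical helper). Runs the SMTP dialogue from the
# application server against the hub and reports where it stops.
function Test-SmtpRelay {
    param(
        [Parameter(Mandatory=$true)][string]$HubServer,  # your HUB/HTS server name
        [Parameter(Mandatory=$true)][string]$From,
        [Parameter(Mandatory=$true)][string]$To,
        [int]$Port = 25
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HubServer, $Port)   # throws if port 25 is blocked
        $stream = $client.GetStream()
        $stream.ReadTimeout = 10000
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        # Read one SMTP reply; continuation lines have '-' after the code.
        $readReply = {
            do { $line = $reader.ReadLine(); Write-Host "S: $line" }
            while ($line -and $line.Length -ge 4 -and $line[3] -eq '-')
            return $line
        }
        $body = "Subject: relay test`r`n`r`nRelay test from $env:COMPUTERNAME`r`n."
        $steps = @(
            @{ Send = $null;                    Expect = '220' },  # banner
            @{ Send = "EHLO $env:COMPUTERNAME"; Expect = '250' },
            @{ Send = "MAIL FROM:<$From>";      Expect = '250' },
            @{ Send = "RCPT TO:<$To>";          Expect = '250' },  # 550 5.7.1 = relay denied
            @{ Send = 'DATA';                   Expect = '354' },
            @{ Send = $body;                    Expect = '250' }   # queued for delivery
        )
        foreach ($s in $steps) {
            if ($s.Send) { Write-Host "C: $($s.Send)"; $writer.WriteLine($s.Send) }
            $reply = & $readReply
            if (-not $reply -or -not $reply.StartsWith($s.Expect)) {
                Write-Warning "Expected $($s.Expect), got: $reply"
                return $false
            }
        }
        $writer.WriteLine('QUIT')
        return $true
    }
    catch { Write-Warning "Connection failed: $($_.Exception.Message)"; return $false }
    finally { $client.Close() }
}
```

A failure at connect time points to a blocked port (firewall or antivirus), while a rejection at `RCPT TO` points to the connector's relay permissions.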

Monday, June 11, 2012

If you are working on a TMG server and Exchange 2010 scenario and receiving the above errors, verifying a couple of things may save the day.

Check your static route table and make sure there is no loop causing this issue. Delete all your static routes and add them back one by one, and make sure each static route is persistent and that the TMG internal NIC properties include these networks.

On Windows 2008, use Netsh (with route add, Windows 2008 may not honor the static route, even though the route may seem to be there in the GUI).

NetSH Interface ip show route

Let's assume we have two interfaces.

The inside interface = talks to Active Directory. This interface does not have a DGW (Default Gateway), hence we need a static route to tell the TMG how to reach back to this network.

The outside interface = talks to the outside. This interface has a DGW (Default Gateway). Okay, if the internal DGW is 10.80.3.1 and we are trying to reach 10.80.3.102, then the NetSH command would be as follows… (Replace the IP addresses to suit your own environment.)